@Json, you said "it wasn't what I wanted to hear, but I'll accept your answer." !!
I would suggest use of Browser Extensions for digitally signing pdf, file, or anything from modern browsers. Browser extension will plug between browser providing JavaScript to browser connecting to extension host (application) running locally and accessing CertStore.
Our company has one such extension published and is free which uses .NET framework 3.5 which is generally available on all Windows clients. It does not use PKCS#11 simply eliminating need to provide PKCS#11 drivers etc and just works transparently once installed successfully. It uses Windows CertStore.
As per your comment, you have more clients running firefox, but we have Edge and Firefox extensions in development.
Setup (of host application running behind the chrome browser on windows) may be downloaded from https://download.cnet.com/Signer-Digital-Chrome-Extension/3000-33362_4-78042540.htmlInstalling this host and restarting Chrome will automatically add Signer.Digital Chrome Extension
The actual working of this extension is illustrated here
Javascript to call method from extension:
//Calculate Sign for the Hash by Calling function from Extension SignerDigital SignerDigital.signPdfHash(hash, $("#CertThumbPrint").val(), "SHA-256") //or "SHA256" .then( function (signDataResp) { //Send signDataResp to Server }, function (errmsg) { //Send errmsg to server or display the result in browser. } );If success, returns Base64 encoded pkcs7 signature - use any suitable library to inject sign to pdfIf Failed, returns error msg starting with "SDHost Error:"
I hope this helps!
